...
The key-pair is (optionally) created and then assigned to the Charon cloud instance at first launch. If a new key-pair is created, the private key can be downloaded during creation.
Make sure to store the private key in a safe place. If it is lost, access to the instance may be permanently lost.
Adapting the SSH Daemon Configuration of the Charon Host System
...
Steps on the Charon Host System
Creating a VPN Bridge Manually
Please note: should you plan to manage this bridge later using the Charon Manager, you must adhere to the Charon-SSP naming conventions for virtual bridges:
- Bridge name: br_<name-of-bridge>
- TAP name for emulator connection: tapX_<name-of-bridge> (where X stands for an integer identifying the tap interface)
- TAP name for tunnel connection: tap0
To create a bridge for the VPN tunnel manually, use commands similar to the following:
...
To make the configuration permanent, you can use ifcfg-files, nmcli commands, or a custom startup script - depending on your requirements and your host operating system version.
Linux version | network-scripts method (ifcfg-files) | NetworkManager (nmcli) |
---|---|---|
7.x | Installed by default. NM_CONTROLLED=no forces ifcfg-file use | Installed by default. |
8.x | Deprecated but available; | Preferred configuration method. Used by the Charon-SSP Manager starting with Linux 8 |
9.x | No longer available. For interface types supported by the ifcfg-rh plugin, ifcfg-files can be used. | Only method with full functionality. Must be used for TAP interfaces. |
Sample ifcfg-files for CentOS/RHEL 7:
...
```
nmcli conn add type bridge con-name br_vpn0 ifname br_vpn0 ipv4.method manual ipv4.addresses 192.168.0.10/24 \
    ipv6.method disabled
nmcli conn add type tun mode tap autoconnect yes con-name tap0_vpn0 ifname tap0_vpn0 master br_vpn0
```
Creating a VPN Bridge using the Charon-SSP Manager
...
Perform the following steps to configure a VPN bridge:
Please note: this interface and the interface on the remote Linux system must be in the same IP subnet. Click on OK to save your configuration.
...
Click on OK to save the configuration change.
If the emulated instance is currently running, the guest must be shut down and the emulated instance must be restarted for the change to become active.
Steps on the Remote Linux System
Please note: the steps on the Charon host must be performed first.
...
Action | Command |
---|---|
Create TAP interface | # ip tuntap add dev tap0 mod tap |
Enable TAP interface | # ip link set tap0 up |
Create bridge | # ip link add name br_vpn0 type bridge |
Enable bridge interface | # ip link set br_vpn0 up |
Define IP address for bridge | # ip addr add 192.168.0.1/24 dev br_vpn0 |
Add TAP interface to bridge | # ip link set tap0 master br_vpn0 |
Start the SSH tunnel | autossh is a program to start a copy of ssh and monitor it, restarting it Once started, you can move the program to the background. |

The value for username depends on the Charon product:
- All products: root (or another configured user with the correct privileges and authorized_keys file).

-M defines the monitoring port autossh uses to monitor the connection.
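
The Charon-SSP naming conventions and the same-subnet requirement described above can be checked before any interface is created. The following POSIX shell functions are an added example, not part of the vendor documentation; the function names are hypothetical, the sample names and addresses are the ones used in the commands on this page, and the accepted prefix range (1 to 30) is an assumption of this example.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight checks for a planned VPN bridge.

# Linux limits interface names to 15 characters (IFNAMSIZ - 1).
fits_ifname() { [ "${#1}" -ge 1 ] && [ "${#1}" -le 15 ]; }

# Bridge name: br_<name-of-bridge>
valid_bridge_name() {
    fits_ifname "$1" || return 1
    case "$1" in br_?*) return 0 ;; *) return 1 ;; esac
}

# Emulator TAP name: tapX_<name-of-bridge>, X an integer ($1 = TAP, $2 = bridge)
valid_emulator_tap() {
    valid_bridge_name "$2" && fits_ifname "$1" || return 1
    suffix="_${2#br_}"
    case "$1" in tap*"$suffix") ;; *) return 1 ;; esac
    index="${1#tap}"; index="${index%"$suffix"}"
    case "$index" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Dotted-quad IPv4 address to integer; rejects malformed octets.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Both ends must use the same prefix length and network, with distinct hosts.
same_subnet() {
    len="${1#*/}"
    [ "$len" = "${2#*/}" ] || return 1
    case "$len" in ''|???*|0?*|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 30 ] || return 1   # assumed range
    a=$(ip_to_int "${1%/*}") && b=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ "$a" -ne "$b" ] && [ $(( a & mask )) -eq $(( b & mask )) ]
}

# Sample values from this page: host bridge 192.168.0.10/24, remote 192.168.0.1/24.
if valid_emulator_tap tap0_vpn0 br_vpn0 && same_subnet 192.168.0.10/24 192.168.0.1/24
then echo "plan OK"; else echo "plan rejected"; fi
```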
...